VM With Full Cloud Access
- Query id: bc20bbc6-0697-4568-9a73-85af1dd97bdd
- Query name: VM With Full Cloud Access
- Platform: Ansible
- Severity: Medium
- Category: Access Control
- CWE: 732
- URL: Github
Description
A VM instance is configured to use the default service account with full access to all Cloud APIs.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: create a instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_accounts:
    - scopes:
      - cloud-platform
    state: present
```
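A check for this pattern over already-parsed playbook tasks, as an added example that is not the query's own logic or code from this page. It assumes the short module name `gcp_compute_instance` and the full scope URL should be flagged the same way as the sample above; the second task and its read-only scope are constructed for contrast.

```python
# Added example: flag gcp_compute_instance tasks whose service account
# scopes include the all-APIs "cloud-platform" scope.
MODULES = {"google.cloud.gcp_compute_instance", "gcp_compute_instance"}
# Assumption: the short alias and the full URL form are treated as equivalent.
FULL_ACCESS = {"cloud-platform", "https://www.googleapis.com/auth/cloud-platform"}


def full_access_findings(tasks):
    """Return (task name, scope) pairs for every full-access scope found."""
    findings = []
    for task in tasks or []:
        if not isinstance(task, dict):
            continue  # tolerate malformed entries instead of crashing
        for module in MODULES & task.keys():
            args = task[module] if isinstance(task[module], dict) else {}
            for account in args.get("service_accounts") or []:
                scopes = account.get("scopes") if isinstance(account, dict) else None
                for scope in scopes or []:
                    if str(scope).strip() in FULL_ACCESS:
                        findings.append((task.get("name", "<unnamed>"), scope))
    return findings


# The page's sample as a YAML loader would parse it, followed by a
# constructed task narrowed to a single read-only scope.
SAMPLE_TASKS = [
    {"name": "create a instance",
     "google.cloud.gcp_compute_instance": {
         "name": "test_object", "zone": "us-central1-a",
         "project": "test_project", "auth_kind": "serviceaccount",
         "service_accounts": [{"scopes": ["cloud-platform"]}],
         "state": "present"}},
    {"name": "create a narrowed instance (constructed)",
     "google.cloud.gcp_compute_instance": {
         "name": "test_object", "zone": "us-central1-a",
         "project": "test_project", "auth_kind": "serviceaccount",
         "service_accounts": [{"scopes": [
             "https://www.googleapis.com/auth/devstorage.read_only"]}],
         "state": "present"}},
]

if __name__ == "__main__":
    for name, scope in full_access_findings(SAMPLE_TASKS):
        print(f"{name}: full-access scope {scope!r}")
```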